
Compromised passwords: Don't ignore those iPhone alerts

Fuseworks Media

Kiwis with iPhones who have recently started noticing alerts telling them that their passwords are compromised should not ignore them if they want to keep their details and account information safe.

"Some are ignoring the iPhone alerts, or they are suspicious of them, but it's a good thing that Apple is doing. There are many large databases of stolen credentials on the Internet, and these alerts let you know that you are compromised.

"When Apple, or any other large provider, queries a database of compromised credentials, they can alert their users. It is a warning to stop using a particular password or reset it completely - it's got nothing to do with iCloud itself."

Watson said the alerts notify you that your credentials, including passwords, are out in the world - where they are bought and sold on the dark web. Your usernames, emails and passwords are at risk of enabling more subtle cyberattacks rather than the brute force hacking attacks with which people are familiar.

"If you get a notification and you use that password - or any variations of it - you should change it immediately. If the platform or software related to the compromised password allows two-factor authentication, you should enable that as an extra layer of security."

Watson said Kiwis tend to be lazy around passwords because they commonly use the same password, or variations of that password, across multiple sites.

"It's dangerous when you do that. I know it's a pain to have to come up with different passwords every five minutes and having to remember them, but there are password management tools that can help you with that for a relatively low annual subscription."

The Chrome web browser has a password management tool that is fine for individual users, but it's not robust enough for a company.

"Chrome is connected to Gmail, and that's usually linked to the staff member's personal account. It's messy," Watson says.

Set password policies

Companies should specify how their software is accessed and not leave it to staff to figure out for themselves. Instead, set a policy that requires your team to use unique passwords for each application or platform.

Install a management tool

"Humans find it hard to remember passwords for a dozen websites," Watson said. "Instead, provide tools like password management software to make compliance with your policies easy. If you do not, compliance will be low. People will use the same password over and over with minor variations. That means your business is not secure."

Have an exit strategy

Watson said it is a common problem in New Zealand for departing staff to take their passwords and access credentials. These then remain in the system as dormant accounts and could be seen as low-hanging fruit for a disgruntled staff member.

"Make password protection a company level responsibility rather than leaving it to individuals. This makes it easy for staff to comply with security policies and enables easier exit of employees with less vulnerability later.

"Have an employee exit procedure, which includes prompt notification to the IT support team, especially if you have outsourced your security. Integrate your human resources and information technology processes."

Watson said most New Zealanders have likely had passwords compromised - both personal and work-related - but it's never too late to implement good password hygiene.

"Password management tools are low cost and easy. There's no excuse."

For more information visit:
